Write test for virtual memory space limits #530
Labels
Comments
|
Looking at the report do I get it right that you compiled LTP with ilp32 ABI and all that we need to do is to write a test that sets stack limit to unlimited then does fork() + execve()? |
|
Yes. It would reproduce the bug as Andreas reported, on this branch. I think it would make sense in scenario to take a set of relevant existing tests and run them again with ulimit -s unlimited. |
pevik
pushed a commit
to pevik/ltp
that referenced
this issue
Oct 23, 2023
Fix: linux-test-project#530 Signed-off-by: Wei Gao <wegao@suse.com>
pevik
pushed a commit
to pevik/ltp
that referenced
this issue
Jan 8, 2024
Fixes: linux-test-project#530 Reviewed-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Wei Gao <wegao@suse.com>
pevik
pushed a commit
to pevik/ltp
that referenced
this issue
Jan 8, 2024
Fixes: linux-test-project#530 Link: https://lore.kernel.org/ltp/20231025083706.13767-2-wegao@suse.com/ Reviewed-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Wei Gao <wegao@suse.com>
pevik
pushed a commit
to pevik/ltp
that referenced
this issue
Jan 8, 2024
Link: linux-test-project#530 Link: https://lore.kernel.org/ltp/20231025083706.13767-3-wegao@suse.com/ Reviewed-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Wei Gao <wegao@suse.com>
pevik
pushed a commit
to pevik/ltp
that referenced
this issue
Jan 8, 2024
Fixes: linux-test-project#530 Link: https://lore.kernel.org/ltp/20231025083706.13767-2-wegao@suse.com/ Reviewed-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Wei Gao <wegao@suse.com>
pevik
pushed a commit
to pevik/ltp
that referenced
this issue
Jan 8, 2024
Link: linux-test-project#530 Link: https://lore.kernel.org/ltp/20231025083706.13767-3-wegao@suse.com/ Reviewed-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Wei Gao <wegao@suse.com>
coolgw
added a commit
to coolgw/ltp
that referenced
this issue
Jan 9, 2024
Fixs: linux-test-project#530 Signed-off-by: Wei Gao <wegao@suse.com>
pevik
pushed a commit
to pevik/ltp
that referenced
this issue
Jan 23, 2024
Fixs: linux-test-project#530 Signed-off-by: Wei Gao <wegao@suse.com>
coolgw
added a commit
to coolgw/ltp
that referenced
this issue
Jan 23, 2024
Fixs: linux-test-project#530 Signed-off-by: Wei Gao <wegao@suse.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
During the testing of arm64/ilp32 it was discovered a bug related to how kernel internal machinery handles limits of userspace memory.
https://lkml.org/lkml/2019/5/13/129
$ ulimit -s
8192
$ ./hello.ilp32
Hello World!
$ ulimit -s unlimited
$ ./hello.ilp32
Segmentation fault
$ strace ./hello.ilp32
execve("./hello.ilp32", ["./hello.ilp32"], 0xfffff10548f0 /* 77 vars */) = -1 ENOMEM (Cannot allocate memory)
+++ killed by SIGSEGV +++
Segmentation fault (core dumped)
I use LTP to test my branch, and it seems there is no testcase that triggers an alarm. The discovered reason for a bug is in functionality introduced at the end of 2018 - DEFAULT_MAP_WINDOW. Adding the new ABI to arm64 requires a small modification of the macro:
diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h
index 5bdf357169d8..c509f83fa506 100644
--- a/arch/arm64/include/asm/processor.h
+++ b/arch/arm64/include/asm/processor.h
@@ -63,7 +63,7 @@
TASK_SIZE_32 : TASK_SIZE_64)
#define TASK_SIZE_OF(tsk) (is_compat_thread(tsk) ?
TASK_SIZE_32 : TASK_SIZE_64)
-#define DEFAULT_MAP_WINDOW (test_thread_flag(TIF_32BIT) ?
+#define DEFAULT_MAP_WINDOW (is_compat_task() ?
TASK_SIZE_32 : DEFAULT_MAP_WINDOW_64)
#else
#define TASK_SIZE TASK_SIZE_64
Otherwise, for the new ilp32 runtime DEFAULT_MAP_WINDOW would be just like for lp64 which leads to over-the-boundary address assignment in the case of 'ulimit -s unlimited'.
In unlimited case, execve() creates a vdso area close to the DEFAULT_MAP_WINDOW which was erroneously set out of 32-bit space. This is the exact scenario of how the bug was spotted out by Andreas Schwab.
Because of a lack for a testcase it took almost half a year to discover the bug (and 1 day to fix it). I'd like to encourage LTP community to introduce a testcase for this scenario.
Thanks,
Yury
The text was updated successfully, but these errors were encountered: